Try our new research platform with insights from 80,000+ expert users

Checkmarx SAST vs Rapid7 AppSpider comparison

Checkmarx and Rapid7 are both solutions in the Static Application Security Testing (SAST) category. Checkmarx is ranked #20 with an average rating of 9.5, while Rapid7 is ranked #27 with an average rating of 8.0. Additionally, 100% of Checkmarx users are willing to recommend the solution, compared to 100% of Rapid7 users who would recommend it.
Checkmarx SAST
Read 2 Checkmarx SAST reviews
  • 405 Views
  • 333 Comparison Views
100% willing to recommend
Rapid7 AppSpider
Read 14 Rapid7 AppSpider reviews
  • 909 Views
  • 614 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Checkmarx SAST and Rapid7 AppSpider based on real PeerSpot user reviews.

Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Checkmarx SAST vs. Rapid7 AppSpider Report (Updated: April 2025).
Buyer's Guide
Checkmarx SAST vs. Rapid7 AppSpider
April 2025
Download the complete report
Helped 846,617 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx SAST
Ranking in Static Application Security Testing (SAST)
20th
Average Rating
9.6
Reviews Sentiment
7.0
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Rapid7 AppSpider
Ranking in Static Application Security Testing (SAST)
27th
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
14
Ranking in other categories
No ranking in other categories
 

Featured Reviews

Cuneyt KALPAKOGLU Phd. - PeerSpot reviewer
Identifying code vulnerabilities swiftly with no need to complete the coding and offers good security
The primary use case of Checkmarx SAST is application security, specifically static application security testing. It is essential and the root of this concept I did not find measurable information about the financial benefits or return on investment. The most important competitive advantage and…
Read full review
Andrei Bigdan - PeerSpot reviewer
Useful vulnerability reporting data, flexible, and simple implementation
I have had some stability problems but it could be the Microsoft Windows operating system. I found that closing other applications helps with stability. It is helpful to have as much memory as possible, such as eight gigabytes. The more pages being processed the more resources you need. I rate the stability of Rapid7 AppSpider a nine out of ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most important feature is that Checkmarx protects our company against attacks."
"The most important competitive advantage and benefit is the ability to identify vulnerabilities in the source code immediately without needing to complete the coding."
"The most important feature is that Checkmarx protects our company against attacks."
"It is really accurate and the rate of false positives is very low."
"The most valuable feature is the reporting, which is compliant with international standards."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"The setup is usually straightforward."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
More Rapid7 AppSpider pros
 

Cons

"The on-premises version is more expensive compared to the cloud version."
"We had some issues where Checkmarx did not recognize a vulnerability. We had to talk with the vendor, and they had to include an improvement in the tool to resolve this issue."
"We had some issues where Checkmarx did not recognize a vulnerability."
"This price of this solution is a little bit expensive."
"The product should offer a GUI in Japanese and provide Japanese reports for end-users."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"Integration could be better."
"There are some glitches with stability, and it is an area for improvement."
"Support response times are slow and can be improved."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
More Rapid7 AppSpider cons
 

Pricing and Cost Advice

Information not available
"It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
"The price is pretty fair."
"The licensing cost depends on the number of users."
"The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
"AppSpider is closed-source software and you need to acquire a license in order to use it."
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
846,617 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
25%
Computer Software Company
12%
Manufacturing Company
10%
Insurance Company
7%
Financial Services Firm
17%
Computer Software Company
14%
Healthcare Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Checkmarx SAST?
We were users in a small country, and we paid one consolidated bill for all the tools, so I don't know the specific amount for Checkmarx.
See all answers
What needs improvement with Checkmarx SAST?
We had some issues where Checkmarx did not recognize a vulnerability. We had to talk with the vendor, and they had to include an improvement in the tool to resolve this issue.
See all answers
What is your primary use case for Checkmarx SAST?
We integrated Checkmarx with our pipelines in Jenkins. We had it fully automated for static security scanning to protect our company against attacks.
See all answers
What do you like most about Rapid7 AppSpider?
The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate a...
See all answers
What is your experience regarding pricing and costs for Rapid7 AppSpider?
The price is not high, but for Japanese customers, localization may incur additional costs.
See all answers
What needs improvement with Rapid7 AppSpider?
For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users.
See all answers
 

Comparisons

Checkmarx One vs Checkmarx SAST Logo
Checkmarx One vs Checkmarx SAST
Compared 87% of the time
Semgrep vs Checkmarx SAST Logo
Semgrep vs Checkmarx SAST
Compared 7% of the time
GitLab vs Checkmarx SAST Logo
GitLab vs Checkmarx SAST
Compared 5% of the time
More Checkmarx SAST Competitors
Rapid7 InsightAppSec vs Rapid7 AppSpider Logo
Rapid7 InsightAppSec vs Rapid7 AppSpider
Compared 43% of the time
Acunetix vs Rapid7 AppSpider Logo
Acunetix vs Rapid7 AppSpider
Compared 10% of the time
Invicti vs Rapid7 AppSpider Logo
Invicti vs Rapid7 AppSpider
Compared 9% of the time
OWASP Zap vs Rapid7 AppSpider Logo
OWASP Zap vs Rapid7 AppSpider
Compared 7% of the time
SonarQube Server (formerly SonarQube) vs Rapid7 AppSpider Logo
SonarQube Server (formerly SonarQube) vs Rapid7 AppSpider
Compared 5% of the time
More Rapid7 AppSpider Competitors
 

Product Reports

Buyer's Guide
Static Application Security Testing (SAST)
April 2025
Checkmarx SAST reportDownload Checkmarx SAST product report
Buyer's Guide
Rapid7 AppSpider
March 2025
Rapid7 AppSpider reportDownload Rapid7 AppSpider product report
 

Also Known As

SAST
AppSpider
 

Overview

Checkmarx SAST provides advanced static application security testing by identifying vulnerabilities in source code. It's ideal for ISOs, security professionals, and developers striving to secure applications during development.

Checkmarx SAST is known for its powerful code scanning capabilities that integrate seamlessly into existing development environments. It supports a wide range of programming languages, which makes it applicable for diverse development projects. Some users suggest improvements in the scan performance speed and enhanced support in handling false positives to further optimize workflow efficiency.

What are the standout features of Checkmarx SAST?
  • Language Support: Offers broad language support catering to multiple coding frameworks.
  • Integration Flexibility: Seamlessly integrates with existing CI/CD pipelines and developer tools.
  • Comprehensive Scanning: Detects security vulnerabilities early in the development process.
  • Detailed Reporting: Provides comprehensive reports that help prioritize remediation efforts.
What benefits and ROI should users consider?
  • Improved Security Posture: Enhances application security by catching vulnerabilities early.
  • Cost Efficiency: Reduces costs associated with post-deployment issue resolution.
  • Developer Empowerment: Allows developers to identify and fix issues independently.
  • Regulatory Compliance: Assists in meeting compliance requirements efficiently.

Implemented across various industries, Checkmarx SAST supports sectors like finance, healthcare, and technology with their stringent security requirements. By integrating seamlessly into existing workflows, it ensures that applications remain secure while not disrupting industry-specific processes.

Checkmarx

SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.

Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next.

Rapid7
 

Sample Customers

Information Not Available
Microsoft
Buyer's Guide
Checkmarx SAST vs. Rapid7 AppSpider
April 2025
Free Report: Checkmarx SAST vs. Rapid7 AppSpider
Find out what your peers are saying about Checkmarx SAST vs. Rapid7 AppSpider and other solutions. Updated: April 2025.
DOWNLOAD NOW
846,617 professionals have used our research since 2012.
See our Checkmarx SAST vs. Rapid7 AppSpider report.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.